CVE-2026-43076
Integer Overflow in OCFS2 Filesystem
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | ocfs2 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ocfs2 filesystem. When an inode block is read from disk, ocfs2_validate_inode_block() performs a set of sanity checks, but it does not check the inode's logical size (i_size) against the capacity of the inline data region (id_count) for inodes whose data is stored inline in the inode block. On a corrupted (or deliberately crafted) filesystem, i_size can therefore be larger than the inline data that is actually present.
As a result, ocfs2_dir_foreach_blk_id(), which walks directory entries up to i_size, can iterate past the end of the inline data region and read directory entries from memory the inode does not own; this surfaces as a use-after-free (UAF). The kernel then operates on invalid memory, which can lead to crashes or other unpredictable behavior.
The fix adds a validation check so that an inode with the inline-data flag set is rejected unless i_size is less than or equal to id_count, stopping the corrupted size from reaching the directory iterator.
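The following program is an added illustration and is not the kernel's code. It uses a hypothetical, simplified model of the fields involved (flags, i_size, id_count, an inline data area, and a rec_len-chained directory entry), not the real struct ocfs2_dinode or ocfs2_dir_entry layouts, and the constant and function names are invented. It shows the check the fix adds, and how a directory walk that trusts i_size steps past the inline data that really exists when that check is missing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model only: not the on-disk ocfs2 structures. */
#define MODEL_INLINE_DATA_FL 0x1u
#define MODEL_DIRENT_HDR     12u  /* inode(8) + rec_len(2) + name_len(1) + file_type(1) */

struct model_inode {
    uint32_t flags;
    uint64_t i_size;      /* size the directory claims its data has */
    uint16_t id_count;    /* bytes of inline data actually present in the block */
    uint8_t  id_data[64]; /* the inline data region itself */
};

/* The check the fix adds: an inline inode must not claim i_size > id_count. */
int model_validate_inode_block(const struct model_inode *di)
{
    if (!(di->flags & MODEL_INLINE_DATA_FL))
        return 0;                      /* no inline data to check */
    if (di->id_count > sizeof(di->id_data))
        return -1;                     /* capacity field itself is bogus */
    if (di->i_size > di->id_count)
        return -1;                     /* the inconsistency this CVE is about */
    return 0;
}

/* Walk the rec_len chain up to 'limit' bytes, the way the directory iterator
 * uses i_size. Returns the number of live entries, -1 if the walk would read
 * past the 'cap' bytes that really exist, -2 if an entry is malformed. */
int model_walk_dirents(const uint8_t *data, size_t cap, uint64_t limit)
{
    uint64_t off = 0;
    int live = 0;

    while (off < limit) {
        uint64_t ino;
        uint16_t rec_len;

        if (off + MODEL_DIRENT_HDR > cap)
            return -1;                 /* entry header would be out of bounds */
        memcpy(&ino, data + off, sizeof ino);
        memcpy(&rec_len, data + off + 8, sizeof rec_len);
        if (rec_len < MODEL_DIRENT_HDR)
            return -2;                 /* cannot make progress */
        if (off + rec_len > cap)
            return -1;                 /* name bytes would be out of bounds */
        if (ino != 0)
            live++;
        off += rec_len;
    }
    return live;
}

/* Append one entry (host byte order, 4-byte aligned rec_len); returns new offset. */
static size_t put_dirent(uint8_t *buf, size_t off, uint64_t ino, const char *name)
{
    uint8_t name_len = (uint8_t)strlen(name);
    uint16_t rec_len = (uint16_t)((MODEL_DIRENT_HDR + name_len + 3) & ~3u);

    memcpy(buf + off, &ino, 8);
    memcpy(buf + off + 8, &rec_len, 2);
    buf[off + 10] = name_len;
    buf[off + 11] = 2;                 /* directory */
    memcpy(buf + off + 12, name, name_len);
    return off + rec_len;
}

/* Constructed sample: an inline directory holding "." and ".." (32 bytes of
 * real data) whose i_size is set to 'claimed_size'. */
void model_build_dir(struct model_inode *di, uint64_t claimed_size)
{
    size_t off = 0;
    memset(di, 0, sizeof *di);
    di->flags = MODEL_INLINE_DATA_FL;
    off = put_dirent(di->id_data, off, 5, ".");
    off = put_dirent(di->id_data, off, 2, "..");
    di->id_count = (uint16_t)off;
    di->i_size = claimed_size;
}

/* Sane inode: validation passes and the walk sees two entries. */
int demo_sane(void)
{
    struct model_inode di;
    model_build_dir(&di, 32);
    if (model_validate_inode_block(&di) != 0)
        return -100;
    return model_walk_dirents(di.id_data, di.id_count, di.i_size);
}

/* Corrupted inode: i_size claims 4096 bytes while only 32 are inline. */
int demo_corrupt_validate(void)
{
    struct model_inode di;
    model_build_dir(&di, 4096);
    return model_validate_inode_block(&di);   /* rejected before any walk */
}

/* The same corrupted inode walked without the check, bounded only by i_size:
 * the walk runs off the end of the data that exists. */
int demo_corrupt_walk_unchecked(void)
{
    struct model_inode di;
    model_build_dir(&di, 4096);
    return model_walk_dirents(di.id_data, di.id_count, di.i_size);
}

int main(void)
{
    printf("sane: %d entries\n", demo_sane());
    printf("corrupt, validated: %d\n", demo_corrupt_validate());
    printf("corrupt, unchecked walk: %d\n", demo_corrupt_walk_unchecked());
    return 0;
}
```

In the real kernel the out-of-bounds walk is not caught by a bounds test like the one in model_walk_dirents; it simply reads whatever follows the inode block's inline region, which is why the fix belongs in the validation step rather than in the iterator.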
How can this vulnerability impact me?
This vulnerability leads to a use-after-free condition in the ocfs2 filesystem code, which can cause system instability or crashes (denial of service) and could potentially allow an attacker to execute arbitrary code or escalate privileges by exploiting the invalid memory access.
Because the trigger is corrupted filesystem metadata, the condition can also be reached without an attacker, for example after storage corruption, and can then lead to data corruption or loss. The exposure is greatest where the kernel mounts ocfs2 volumes whose contents an attacker can influence, such as untrusted images or shared cluster storage.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by adding a validation check in the Linux kernel's ocfs2_validate_inode_block() function so that an inode with inline data is rejected unless its i_size is less than or equal to the inline data capacity (id_count).
To mitigate this vulnerability immediately, update your Linux kernel to a version that includes this fix (upstream, or your distribution's kernel with the fix backported). As a general practice, if a host does not use ocfs2, do not load the ocfs2 module at all; a filesystem that is never mounted cannot feed corrupted inodes to the kernel.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a use-after-free triggered by a corrupted inline data size in ocfs2 filesystem inodes. It is a local kernel bug with no network signature, so detection means finding inconsistencies between an inode's i_size and its inline data capacity (id_count) on ocfs2 volumes, and confirming which systems still run an unpatched kernel.
Because the issue arises from corrupted filesystem metadata, detection centers on filesystem integrity checks and on inspecting inode metadata on ocfs2 volumes.
- Use 'findmnt -t ocfs2' (or 'lsmod | grep ocfs2') to find hosts that actually mount ocfs2 volumes; those are the only ones at risk.
- Use the 'fsck.ocfs2' tool from ocfs2-tools to check ocfs2 filesystem consistency; 'fsck.ocfs2 -n <device>' reports problems without modifying the volume. Note that, as a cluster filesystem, ocfs2 is normally checked while the volume is unmounted on all nodes.
- Inspect individual inodes with 'debugfs.ocfs2' (also part of ocfs2-tools), for example 'debugfs.ocfs2 -R "stat <path>" <device>', and compare the reported size of an inline directory against the inline data capacity.
- Monitor system logs (dmesg and the journal) for kernel warnings, oopses, or KASAN reports that mention ocfs2 inode reads or directory entry processing; these may indicate exploitation attempts or underlying corruption.